Updated: Password changes ordered after unauthorised software found on government server

The government's IT agency (Mita) is changing the passwords of all government users of its servers following the identification of unauthorised software on a server used for the storage of the user credentials of personnel in Maltese embassies abroad .

Mita said earlier today that preliminary analysis indicated that the software had the potential to extract user names and passwords on the embassies server only.

In an update this afternoon, it said that as soon as the software was detected, it implemented a series of precautionary measures to ensure users were not exposed to unnecessary risks and to protect the security of their information.

The password change started last night and is currently underway.

"MITA has escalated its monitoring of all activity on such servers and no further anomalous activity, indicative of any breach, has been registered or detected. Nevertheless, over the coming hours MITA will continue this analysis to collect further information and evidence on the attack. Concurrently the Information Security and Risk Management Department of MITA are providing the Police with the results being derived from this monitoring activity," the agency said.

A US-based security advisory firm engaged by MITA following an earlier breach had confirmed that the measures put in place were an appropriate and measured response to the event, the government agency said.

"As of last night, MITA deployed a number of specialised teams to handle the volume of incoming calls at its Service Call Centre, which provides services to all the employees in the public sector. Up to 4 p.m., the Call Centre handled 2,288 calls with the rate of refreshed accounts in one working day reaching the expected target levels. In the execution of this process, the direct engagement and commitment of Chief Information Officers in ministries and public sector entities was crucial for the successful results registered."

See also:

http://www.timesofmalta.com/articles/view/20090305/local/embassies-server-suffers-cyber-attack